Use Supply Chain Security Features for Gems

[arielvalentin]

We must take action to reduce the risk of compromising Ruby Gems published from our repositories.

• Cryptographically Sign Gems: https://guides.rubygems.org/security/
  • Create or obtain a certificate from the opentelemetry community
  • Document the process for managing certs
  • Sign gems as part of the release process
• Adopt Roles and stop sharing credentials: https://blog.rubygems.org/2024/11/07/maintainer-role.html
  • Document the process for managing maintainers and owners to our RubyGems account

[github-actions]

👋 This issue has been marked as stale because it has been open with no activity. You can: comment on the issue or remove the stale label to hold stale off for a while, add the keep label to hold stale off permanently, or do nothing. If you do nothing this issue will be closed eventually by the stale bot.

[arielvalentin]

@simi any chance you make be able to help implement this?